﻿using SD.Business.Service;
using SD.Entity.Jsons;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace SD.UI.Filters
{
    public class MyAuthorization : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            //下面的代码是默认执行系统自定义的身份过滤
            //base.OnAuthorization(filterContext);
            //跳转页面需要用filterContext.Result,而不是Response.Redirect().因为后者虽然也跳转，但是原来的代码依旧会执行
            string controlName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string actionName = filterContext.ActionDescriptor.ActionName;
            string method = HttpContext.Current.Request.HttpMethod;
            if (!new ActionInfoService().HasAcccessAction(1, controlName, actionName, method))
            {
                if (filterContext.HttpContext.Request.IsAjaxRequest()) //如果是ajax 请求
                {
                    JsonSMsg rMsg = new JsonSMsg();
                    rMsg.Status = -1;
                    rMsg.Message = "没有操作权限";
                    filterContext.Result = new JsonResult
                    {
                        Data = rMsg,
                        JsonRequestBehavior = JsonRequestBehavior.AllowGet
                    };
                }
                else
                {
                    filterContext.Result = new RedirectResult("/Error/NoJurisdiction");
                }
                
            }
            
            //获取上下文对象
            //filterContext.HttpContext.Response.Write("请先登陆");  
  
            //这里主要就写两个，一个是是否登录，还有一个就是有没有这个方法的访问权限

        }
    }
}